“It is a great honor to be recognized for the public good created by this act of whistleblowing.

“However the greater reward and recognition belongs to the individuals and organizations in countless countries around the world who shattered boundaries of language and geography to stand together in defense of the public right to know, and the value of our privacy.

“It is not I, but the public, who has effected this powerful change, to abrogation of basic constitutional rights by secret agencies.

“It is not I, but newspapers around the world, who have reason to hold our governments to the issues when powerful officials sought to distract from these very issues with rumor and insult.

“And it is not I, but certain brave representatives in governments around the world who are proposing new protections, limits and safeguards to prevent future assault on our public rights and private lives.

“My gratitude belongs to all of those who have reached out to their friends and family to explain why suspicionless surveillance matters. It belongs to the man in a mask on the street on a hot day, and the woman with a sign and an umbrella in the rain, it belongs to the young people in college with a civil liberties sticker on their laptop, and the kid in the back of a class in high school making memes.

“All of these people accept that change begins with a single voice, and spoke one message to the world: governments must be accountable to us for the decisions that they make, decisions regarding the kind of world we will live in, what kind of rights and freedoms individuals will enjoy are the domain of the public, not the government in the dark.

“Yet the happiness of this occasion is for me tempered by an awareness of the road traveled to bring us here today. In contemporary America, the combination of weak legal protections for whistleblowers, bad laws that provide no public interest defense, and a doctrine of immunity for officials who have strayed beyond the boundaries of law, has perverted the system of incentives that regulate secrecy in government. This results in a situation that associates an unreasonably high price with maintaining the necessary foundation of liberal democracy: our informed citizenry.

“Speaking truth to power has cost whistleblowers their freedom, family or country. This situation befits neither America nor the world. It does not require sophistication to understand that policies equating necessary acts of warning with threats to national security inevitably lead to ignorance and insecurity. The society that falls into the deterrent trap known in cultural wisdom as ‘shooting the messenger’ will quickly find that not only is it without messengers, but it no longer enjoys messages at all.

“It is right to question the wisdom of such policies and the unintended incentives that result from them. If the penalty for providing secret information to a foreign government in bad faith is less than the penalty for providing that information to the public in good faith, are we not incentivising spies rather than whistleblowers?

“What does it mean for the public when we apply laws targeting terrorism against those engaged in acts of journalism?

“Can we enjoy openness in our society if we prioritize intimidation and revenge over fact finding and investigation?

“Where do we draw the line between national security and public interest, and how can we have confidence in the balance when the only advocates allowed at the table of review come from the halls of government itself?

“Questions such as these can only be answered through the kind of vigorous public discussion we are enjoying today. We must never forget the lessons of history regarding the dangers of surveillance gone too far, nor our human power to amend such systems to the public benefit.

“The road we travel has been difficult, but it leads us to better times. Together we can guarantee both the safety and the rights of the generations that follow. To all of those who have participated in this debate, from the highest official to the smallest citizen, I say thank you.”

On the specific decision, the CRTC rejected the UBB model it approved less than a year ago, acknowledging that it was too inflexible and could block independent ISPs from differentiating their services. The issue then boiled down to Bell’s preferred model based on volume and the independent ISPs’ approach who preferred capacity based models. The Commission ruled that capacity-based models are a better approach since they are more consistent with how network providers plan their networks and less susceptible to billing disputes.

With Bell’s preferred approach out of the way, the Commission was left to choose between two capacity models – the independent providers’ “95th percentile” solution and MTS Allstream’s capacity model. The Commission chose a variant on the MTS Allstream model that involves both a monthly access fee and a monthly capacity charge that can increase in increments of 100 Mbps. That model is even more flexible than what MTS proposed, suggesting that the Commission was primarily focused on building in as much flexibility for independent providers as possible. In addition to this model (which the Commission calls an approved capacity model), the large ISPs can continue to use flat rate models which provide for unlimited usage.

Although I agree that further changes should be made, I’m not so sure I go along with all of Professor Geist’s suggestions. The CRTC clearly does not function the way that it should.

The CRTC’s mandate is supposedly to protect consumers. Looking at the history of UBB it is clear that the CRTC does not. In practice, consumers don’t even make it onto the their radar at all; the only CRTC concern is the ISPs.

The CRTC continues to allow Bell Canada to deploy:

Deep Packet Inspection. This essentially allows Bell Canada total access to all unencrypted Internet traffic. Which means the technology gives Bell the means to read our email, and the CRTC allows this. With zero oversight. The CRTC trusts Bell with their privacy, but I don’t. And although I’m not even a Bell customer, my email is not safe from Bell, because my ISP goes through Bell. This is no more reasonable than giving blanket permission to Canada Post to open postal mail.

Gouging Customers. I was aghast that the CRTC didn’t understand that most Canadians pay a lot for mediocre Internet access, and worse, didn’t seem to believe the issue was relevant to their deliberations. Have to move to a different geographical location in order to get an another choice of ISP is not “choice.”

Throttling the Internet. This one still boggles my mind today just as much as when I first heard about it. When customers pay for a level of service, and the service provider deliberately impedes that service, providing inferior service than has been contracted for is wrong. And again, Bell is not only does this to their own customers, but to the customers of the Independent ISPs as well. Worse still, Bell decide singles out specific Internet traffic to discriminate against it. The CRTC gave Bell permission to do this, the implication being that is that all encrypted traffic is “Downloaders” It seems to me, even if someone is using the Internet for nefarious means, to illicitly download copyrighted content, say, it should not give an ISP the right to provide less bandwidth than the customer paid for. This argument is flawed; one crime doesn’t justify another.

Maybe I’m old fashioned, but I grew up in a world where deliberately short changing consumers was considered to be fraud, and when even the government law enforcement officials were required to get a warrant before they read my mail.

These are some of the reasons why I don’t think the CRTC is doing its job of protecting consumers. This could be fixed by making sure that the CRTC reflected its real constituency better. [hint: the CRTC should not be limited to past or present Telecom employees, but should also include consumers.] There shouldn’t have to be a major outcry before the CRTC hears consumer; if the CRTC is going to continue to exist, it needs to be responsive to the public.

If the CRTC isn’t reformed, it should be dissolved and replaced with something that does look out for citizens.

Both Bell and Rogers have far too much control over too many facets of the industries they inhabit. This sure looks like what our American friends might define as “anti-trust.” Where was the CRTC … how did things get this messed up if the CRTC was doing its job?

These corporations are not going to behave any better unless compelled to do so. Maybe its time they were broken up; the Internet is an essential service, perhaps it should be administered like any other utility, for the public good rather than the corporate greed.

ACTA is an international agreement hammered out by a handful of countries (led by the US, including Canada) that requires signatories to create civil and criminal law to give force and effect to ACTA.

ACTA is intended as a global standard to ‘protect’ against intellectual property and counterfeit products, containing very specific discussion about digital information.

The negotiating parties did NOT include:

India,

Brazil,

China,

Russia

or any countries known as the greatest sources of counterfeit goods.

Nor did it include any:

consumer rights groups,

human rights groups, or the

Information and Privacy Commissioner of Canada.

The intent to negotiate a deal was announced in late 2007. Because there’s an economic impact component to it, the US declared the draft ACTA text to be confidential as a matter of national security. A draft was circulated amongst rights-holder lobbyists (generally from the recording and motion picture industries). After three years of negotiations, the text was leaked in April of 2010. The Government of Canada released a copy of the draft in October 2010. The final text was issued in November 2010.

An unprecedented degree of secrecy for a set of copyright protection rules.

Once ACTA is approved, its member countries are expected to put pressure on their trading partners to have them join the treaty — of course, after ACTA is finalized.

The final text includes a provision for amending the agreement, and that’s viewed as a back door to get acceptance of the three strikes provision that was rejected during negotiations.

Three strikes law describes the penalty: after three allegations of inappropriate Internet use, service will be suspended for 12 months.

heavily stacked in favor of “rightsholders” at the expense of consumer human rights

Under ACTA, prosecution, remedies and penalties are acted upon based on allegations advanced by the rights holder, and all can be decided by judicial or ‘administrative’ authorities. ACTA sets out the items that can be included in calculating restitution. For instance, an alleged infringer can be ordered to reimburse the rights holder for the retail price and “lost profits” (as calculated by the rights holder), legal and court costs, etc etc. Allegedly counterfeit products must be destroyed, at the expense of the alleged infringer. If it’s ultimately found that there was no infringement, the alleged infringer can ask for damages, but no process or formula is articulated.

ACTA puts individuals in jeopardy since border officials will be compelled to carry out the injunctions obtained in other countries, even if the activity is legal in the border official’s country. Thus, ACTA empowers officials to seize medicines that are off patent in the country of production and in the countries where they are being exported to, if a company holds a patent to that medicine in any member country.

Similarly, ACTA’s border enforcement provisions empower member countries to seize and destroy exports while in transit to other countries. ACTA provides that “parties MAY exclude small quantities of goods of a non-commercial nature contained in travelers’ personal luggage”, so it still leaves it to countries to seize and inspect personal devices to determine if and how much pirated material is there; and the individual will have to bear the cost of inspection, storage, and destruction. So anyone who rips music from the CD they bought and transfers that ripped music onto their iPhone or Blackberry, and then tries to carry it through the border might not get very far. Imagine what it could do at airport screening lineups!

ACTA offers many privacy-invasive provisions, including requiring the release of information necessary to identify an alleged infringer, and any party who might be associated with that alleged infringer.

ACTA puts third parties (i.e., distributors, NGOs, public health authorities) at risk of injunctions, provisional measures, and even criminal penalties, including imprisonment and severe economic losses. This could implicate, for example, suppliers of active pharmaceutical ingredients used for producing generic medicines; distributors and retailers who stock generic medicines; NGOs who provide treatment; funders who support health programs; and drug regulatory authorities who examine medicines. The potential repercussions are expected to serve as a deterrent to being involved — directly or indirectly — in the research, production, sale and distribution of affordable generic medicines. Ascertaining the third party involvement will require inspecting digital records; and ACTA compels disclosure and international sharing of that information.

Deep Packet Inspection

Deep packet inspection of online activity will be used to identify alleged infringements. ISPs will be required to shut down alleged infringers’ Internet connections, and publicize the identity of the alleged offender amongst other ISPs.

DPI is also expected to cause ‘collateral damage’ when blameless sites at the same IP address get shut down along with the accused. DPI was approved for use by ISPs and telcos when, in August 2009, Canada’s Privacy Commissioner ruled on the Bell/Sympatico case (Case Summary #2009-010). The only limit was a recommendation Bell Canada inform customers about Deep Packet Inspection.

The Commissioner did note that “It is relatively easy to paint a picture of a network where DPI, unchecked, could be used to monitor the activities of its users.”

France

Liberté, égalité, fraternité?

France recently passed its HADOPI “three strikes” law that targets alleged illegal Internet file-swappers. There is no no presumption of innocence in HADOPI. After a rights holder advances an allegation of infringement and gets administrative approval, the alleged infringer receives two warnings, and then gets cut off the Internet.

And there is no judicial recourse.

Under the terms of HADOPI, Internet access is only restored after the “offender” allows spyware to be installed on his/her computer, monitoring every single thing that happens on said computer, and that could also reach to the entire network (personal or corporate) that the computer is attached to.

HADOPI has been sending out notices. Initially, it sent out about 10,000 per day, with plans to ramp up to 50,000 per day. ISPs must hand over information to the government about those accused within eight days. If they don’t, hey could get fined 1,500 euros per day per IP address.

USA

A few weeks after Thanksgiving weekend in November 2010, the US Homeland Security’s Immigration and Customs Enforcement (ICE) department seized and shut down 82 domain names during “Operation In Our Sites II” without prior notice. Not all of these domains contained counterfeit products.

The web sites included a search engine and some well-known music blogs.The released partial affidavit and seizure warrant show that that the decision to seize the domains was almost exclusively dependent on what the Motion Picture Association of America said were the facts, and the MPAA’s numbers about the economic importance of the movie industry and MPAA testimony about how piracy hurts its income.

The MPAA and the Recording Industry Association of America were two of the 42 individuals and groups in the US that were given access to the draft text early on.

The PATRIOT Act does the same in the US. The UK Home Office recently resurrected the so-called ‘Super Snooper Bill’ that will allow the police and security services to track the British public’s email, text, Internet and mobile phone details. And the “Server in the Sky” global biometric database will tie it all together.

No warrant necessary in Canada.

C-52 also requires the telcos and ISPs to provide the transmissions in an unencrypted form and to “comply with any prescribed confidentiality or security measures“. A gag order, in other words.

And the information to be provided is quite specific and broad: It is “any information in the service provider’s possession or control respecting the name, address, telephone number and electronic mail address of any subscriber to any of the service provider’s telecommunications services and the Internet protocol address,
mobile identification number, electronic serial number, local service provider identifier, international mobile equipment identity number, international mobile subscriber identity number and subscriber identity module card number that are associated with the subscriber’s service and equipment”.

C52 compels ISPs to spy on their customers

Under C-52, Telcos are required to have and bear the cost of the equipment necessary to comply; and the equipment can be specified by the government or enforcement agencies.

Between ACTA and other international agreements and multilateral treaties to share information it’s easy enough to circumvent the provisions of Section 8 of Canada’s Charter of Rights and Freedoms by having an agency outside of Canada do the work, and then share the results back into Canada. Canada and the US have been known to do that on occasion, typically to protect ‘national security’ or guard again ‘terrorism’.

Post Script:
Internet Service Providers are in the business of providing Internet Service, and ‘deputizing’ them to spy on citizen customers is an atrocious breach of net neutrality, which I wrote about a year ago in Nutshell Net Neutrality

Looking over my blogs, I was surprised to see just how much I have actually written about ACTA shared both in this blog:

or, Why David Eaves Is Wrong about Usage Based Billing

David Eaves is a smart guy. The problem is that there is so much misinformation about Usage Based Billing, like so many others, he is terribly misinformed:

“One thing that has bothered me about these complaints is that they have generally come from people who also seem to oppose internet service providers throttling internet access. It’s unclear to me that you can have it both ways – you can’t (responsibly) be against both internet throttling and usage-based billing. “

It’s understandable, really. UBB is difficult to understand, describe and explain. Because it’s so complex.
For instance, try explaining that Bell is a backbone carrier as well as an Internet service provider competing with their own wholesale customers.
It’s kind of like a song i heard when I was a kid, something about being your own grandpa….

First, the jargon is so new, much of it isn’t even in Wikipedia.

That’s one of the things I struggled to address when I started this blog. But it gets worse. Bell doesn’t use the words of jargon the same way other ISPs in other parts of the world do.

The short version is that Bell’s version of “throttling” consists of deliberately impeding traffic, which actually artificially inflates bandwidth consumption. Worse, they use DPI to discriminate against specific traffic. When you add UBB to throttling, the result looks very much like fraud. Which is why the American ISP Comcast was slapped down by the FCC when they did it.

Policing

Policing traffic above a certain rate simply consists of allowing dropped packets when there is Internet congestion. Using the infamously overused highway analogy, if there were two westbound lanes of traffic and the lead car in the fast lane has a blow-out and slams on the brakes and skids to a stop, the other cars in the fast lane can either rear-end this car or overflow the highway into the center ditch. Or both. The traffic in the slow lane just keeps moving along and none of it is lost.

So if the Internet truly is congested, some of it will go through fine but whatever doesn’t fit will simply be discarded, and become “lost” or “dropped” packets. The traffic that is not dropped moves as smoothly as ever. Without an acknowledgment of receipt, the dropped packets will eventually be resent when the recipient system places a “resend” request after the congestion has cleared up. Because this method of clearing up Internet congestion does not target any particular type of Internet traffic, it does not require the invasive deep packet inspection process.

Traffic Shaping or Throttling

The practice known as “Traffic Shaping” can also be called “throttling”.

Traffic Shaping is applied to Internet congestion by forcing all the traffic to slow down and conform to a certain speed by pushing it through a bottleneck.

In this process, no traffic is lost, it is simply delayed in a huge queue. Your computer’s packets will take longer to cross the Internet, and generally your computer will slow down its demands until the congestion is cleared. Revisiting the highway analogy, if we funnel four lanes of traffic into one, everyone gets to where they’re going, but the trip might take an hour instead of fifteen minutes.

This process called interchangeably Traffic Shaping or Throttling does not require the invasive Deep Packet Inspection process either, again for the same reason: it is not targeting a specific type of traffic, it slows down everything.

What Bell Canada calls “throttling” is not the same thing as what the rest of the world calls “throttling”.

What Bell Canada means by “Throttling”

“ Bell uses Deep Packet Inspection (DPI) to identify peer-to-peer (P2P) traffic (CRTC filing), and most likely the Bittorrent protocol in particular. Bell Canada uses Sandvine’s equipment for DPI and throttling. With throttling, a forged reset is sent to the client for a percentage of transmitted packets. The client needs to re-establish the connection, as well as re-transmit the lost data (Robb Topolski first discovered the use of forged reset packets). Since Bittorrent transmits as much data as it receives, the re-transmission costs are significant.

‘Policing’ and ‘Traffic Shaping’ sound like industry weasel words to make it sound like they’re doing a good thing. ‘Policing’, ‘traffic shaping’ and ‘throttling’ all degrade service for the party being policed, shaped or throttled. Of the three, Bell has chosen to use ‘throttling’, the technique that’s most disruptive to its customers.”

In 2008 Bell Canada acquired Sandvine‘s Deep Packet Inspection equipment with the intention of charging their own customers for their bandwidth usage. Using the DPI process to peel back the packet layers, Bell Canada is able to acquire a lot of information from the packets that make up our Internet traffic. Unfortunately, DPI also shows the Carrier what the content is, unless the content is encrypted. If the content IS encrypted, DPI lets Bell Canada know it’s encrypted. Essentially Deep Packet Inspection gives Bell Canada the capability of reading any unencrypted packets we send across the Internet.

The original application of DPI was to allow Bell Canada to keep track of their customers’ bandwidth use. This necessarily requires information about both senders and recipients, because you can’t reasonably charge Usage Based Billing without knowing which customers used what amount of bandwidth. Bell Canada did not require permission to do this to their own retail customers, because the CRTC does not set Internet pricing. The CRTC allows the ISPs freedom to charge what they want, since the CRTC believes Canada enjoys competition. The idea here is that customers who are dissatisfied with the price or the service terms they are getting are able to change ISPs.

Interestingly enough, at the same time that Bell was busily “throttling” customers, it seems that Bell Canada had begun a new business enterprise: The Globe and Mail: Bell launches video download store. Although customers using Peer to Peer file sharing protocols for downloading were being throttled, it seems subscribers to Bell Canada’s own download service were not.

The problem began when Bell Canada took things too far. After deploying their Deep Packet Inspection package, it wasn’t long until Bell Canada took it a step further– Bell Canada began to use DPI to “throttle” their wholesale customers’ Internet traffic as well.

Congestion

Certainly there is congestion. If you were using a 15 year old computer you would find it much slower than the one you’re using now.

The Canadian Internet infrastructure seems to be rather like that. At the beginning, Bell infrastructure was state of the art. It isn’t state of the art any more. This isn’t because of anything Bell has done, it seems to be what Bell has not done. It’s the same infrastructure they had back then.

Is that the fault of consumers? No. We pay some of the highest Internet rates in the world.

Non-discriminatory traffic shaping (slowing everything down, rather than singling out the traffic you don’t like) is the accepted practice in parts of the world where citizen privacy and equality is valued. DPI is illegal in many parts of the world because of its capacity for abuse.

Artificial Scarcity

The Internet is NOT full. The technology is not getting more expensive. Far from being a genuinely scarce resource, technology is getting faster and storage capacity is increasing while costs drop. Had Bell upgraded the infrastructure to leading edge five years ago it would have much cost far more more than it would cost today. And it would only be half as good.

I remember when my sister’s 2 gigabyte hard drive was unimaginably large. Today you can get a 2 Terabyte drive for around $100 and a 2 GB flash drive is barely adequate for my kid’s school work.

Canadians have been paying inflated costs all along that more than pay for infrastructure maintenance and upgrades, yet if there has been any of the latter I’ve not heard a peep about it. So long as the CRTC allows Bell to charge the customers of their competition UBB there certainly is no incentive for Bell to increase capacity.

People Don’t Understand Bandwidth

What is bandwidth? How much are you using? How can you reduce it?

The first thing to realize is that we are paying for our Internet connection. I pay TekSavvy, my ISP, the agreed rate. My ISP pays the Carrier, Bell, the agreed rate. UBB is an additional cost added to an already profit generating price structure. It over rides contracts.

When TekSavvy buys bandwidth from Bell, they have bandwidth they can redistribute at their discretion.

If you buy a basket of apples from a Farmer, and then give one apple to Tom, three apples to Dick, and 14 apples to Harry, the farmer can’t charge more because Harry took too many apples.

Yet one of the most persistent fallacies floating around is the idea of “bandwidth hogs.”

Hogwash

Actual usage costs range from less than a Canadian penny a gigabyte to possibly as high as three cents/GB.

Yet the big telcos want to charge a range from one to five dollars per gigabyte.

The Independent ISPs have contracted for finite blocks of bandwidth. They pay Bell what they have contacted — prices set by Bell — to pay for these blocks of bandwidth. UBB is a bonus that will be paid to Bell in exchange for providing zero in additional value. Without, say, having to upgrade.

Ultimately, unlike paying for a glass of water, Canadians don’t even know what bandwidth is. The CRTC claims that they support choice. Yet when the Internet first opened up, Canadians chose not to get involved. Originally, the Internet was all Usage Based Billing all the time, charged by the minute. Aside from Technophiles and the rich, Canadians stayed offline. It wasn’t until we could get the Internet at flat rates that Canadians jumped on board with enthusiasm.

Even Bell can’t reliably offer more than a “range” of what some internet activity will actually cost.
There is no meter we can see. Right now I could walk outside and wade through the snow and write down the numbers on my hydro meter. The federal government guarantees the accuracy of the equipment.

Yet there is absolutely no oversight for UBB.
Bell could pull figures out of the air, and consumers have no recourse.
Nor does Bell actually undertake to deliver speeds that they claim to offer.

And the CRTC allows this, instead of looking out for the best interests of consumers.

It’s not over yet.

Regulating Canada into the last century will not help our digital economy survive in this one.
We need to Stop Usage Based Billing before it starts.

If you haven’t already, sign the petition. There are only 13974 signatures.

If you have already signed, who else should you be asking to sign?

That’s easy: anyone who uses the Internet.
Because Usage Based Billing will harm not only Canadians, but our Economy.

We all know spam is out there. We all get it. The only real way to stop spam is for no one to ever ever answer it.
Mark it as spam and delete it. But so long as one person somewhere in the world clicks ‘reply’ or ‘buy’, it will never go away.

But there are things we can do.

don’t make it easy for spammers

I can’t tell you how many times I’ve passed along this advice, because it is a simple thing that we can all do.

When sending email to many people it is much better to select “BCC” than “CC”.

CC = stands for ‘carbon copy’

BCC = stands for ‘blind carbon copy’

When you use “CC” every recipient gets access to every email address.

This is important because if even a single copy of your email goes astray and falls into the hands of a spam harvester, they get the bonanza of a whole pile of email addresses to send spam to or to sell to other spammers to send spam to. Spammers aren’t going away any time soon so we should at least try to make it tough for them.

BCC means that the recipients can only see your email address, their own, and the addressee if there is one. Sending them all BCC would mean that only 2 email addresses appear in the email.

Always use BCC

And no, I’m not saying that you can’t trust the people you sending email to.

The thing to realize is that email travels across the Internet. DPI is the equivalent of unsealing our email.

But in Canada, the CRTC allows Bell Canada to use Deep Packet Inspection (DPI) to look inside Internet traffic– which includes email. DPI is illegal in Europe due to privacy concerns. It just takes one unscrupulous person with access and spammers have our email addresses.

history lesson: the origin of the carbon copy

Before computers, people in the 20th Century had typewriters. Typewriters were machines used for writing. Pressing down on a typewriter key worked the typewriter machine by striking the corresponding letter shaped metal die onto an inked ribbon against paper rolled into the machine.

When using a typewriter, it was possible to make an exact copy by sandwiching a piece of carbon paper between two sheets of typing paper and rolling them both into the typewriting machine. The force applied to the key would first transfer the ink to the paper and then through the flimsy carbon paper transferring the carbon onto the second piece of paper in the shape of the typed character.

The drawback was that the second copy was not crisp. The advantage that every keystroke was reproduced. This second copy was called a carbon copy. It was considered good form for the typist to type “cc” followed by the name of the person who would receive the second copy. In this way, bot copies indicate who received the letter.

A duplicate made without indicating a second recipient was called a “blind carbon copy” or “bcc” since the original recipient is not privvy to either the fact of it’s existence or information about it’s disposition. Often a file copy would be made in this fashion so that the sender retained a copy of his side of the correspondence.